LinuxQuestions.org
Old 10-07-2003, 12:26 PM   #1
markcc
LQ Newbie
 
Registered: Oct 2003
Location: UK
Distribution: Gentoo
Posts: 2

Rep: Reputation: 0
Creating an ultimate anti-virus and anti-spam email gateway


What I'm wanting to do is the following:

Having an email server gateway (ideally running under Linux since it's the OS I'm most familiar with) which has both a whitelist and a blacklist for emails plus some kind of scanning ability for certain Windows viruses. (or at least the ability for me to define if something is in an email send it onto the admin or send it to /dev/null).

I want it so when an email is first received it is checked for say exploit code against a list set up by the admin (if it contains virus/exploit code then it gets sent to admin or to /dev/null) then the email is checked against an anti-spam blacklist, if it passes that then it goes onto the next check the whitelist, if the email address is on the whitelist of allowed from email addresses then it gets sent to the primary email server. If not then it gets sent to admin.

The reason for the exploit code thing is simple, at the moment we have an MS Exchange 2k server set up as the email server (don't look at me, was before I joined the company) with anti-virus software for both the server and on the workstations.
Now, after I joined the company I obviously did a lot of security improvements since the previous person did not do much in the way of network security. Since at the moment we're mostly a Microsoft place. (hiss, boo yada yada)
Now, viruses got past the anti-virus scanners a couple of times but because of some of the security measures (like disabling people from opening .pif files etc in Outlook) no machines got infected. (even though the anti-virus software was up to date it didn't detect some viruses)

Now, I know there are to my knowledge 31 unpatched holes currently in IE some not so serious and others very serious.
So I have to take into consideration that at some point we will end up with a machine or machines infected with a virus no matter how well prepared we are.

If anyone can point me to any guides or information on creating an email gateway under Linux that can check emails for certain strings, check emails against a blacklist and then check against a whitelist (which should be easily able to add new addresses to, ideally I'd want it so users on the network could login via some sort of web interface and can define trusted from addresses for themselves) I'd be grateful.

BTW, I know about lawmonkey.org/anti-spam.html but that's under OpenBSD and primarily anti-spam only.

Thanks

Mark
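
The check order described in this post (admin-defined strings, then blacklist, then whitelist), as an added Python example that is not part of the original thread. The lists, addresses, decision labels and the `build_sample` helper are constructed for illustration, and the separate outcome for blacklisted senders is an assumption because the post does not say where those messages go.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed policy data for illustration; none of it comes from the thread.
BLOCKED_STRINGS = [b".pif", b"example-blocked-marker"]  # admin-defined, lowercase
BLACKLIST = {"bulk@spam.example"}
WHITELIST = {"partner@supplier.example"}


def decoded_parts(msg):
    """Yield attachment names and transfer-decoded bodies, lowercased."""
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():
            yield part.get_filename().lower().encode()
        yield (part.get_payload(decode=True) or b"").lower()


def route(raw):
    """Apply the three checks in the order the post gives; return a decision."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    # 1. Content check on decoded parts: a raw-byte match would miss base64.
    for blob in decoded_parts(msg):
        if any(s in blob for s in BLOCKED_STRINGS):
            return "content-hit"    # the post sends these to admin or /dev/null
    # 2. Blacklist. The post leaves the outcome open; this label is an assumption.
    if sender in BLACKLIST:
        return "blacklisted"
    # 3. Whitelist decides between the primary server and the admin.
    return "primary" if sender in WHITELIST else "admin"


def build_sample(sender, body, attachment=None):
    """Construct a sample message; attachment is (filename, bytes)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@corp.example", "sample"
    m.set_content(body)
    if attachment:
        m.add_attachment(attachment[1], maintype="application",
                         subtype="octet-stream", filename=attachment[0])
    return m.as_bytes()
```

The `From` header is supplied by the sender, so a whitelist keyed on it alone is only as trustworthy as whatever sender verification the gateway performs before this step.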
 
Old 10-07-2003, 02:12 PM   #2
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Rep: Reputation: 46
I'd say take a look at Postfix. It is a pretty powerful MTA and you can do filtering based on header, body. You can also implement the anti-spam part using SpamAssassin ... the anti-virus implementation would be done with amavisd-new.
 
Old 10-08-2003, 04:10 AM   #3
markcc
LQ Newbie
 
Registered: Oct 2003
Location: UK
Distribution: Gentoo
Posts: 2

Original Poster
Rep: Reputation: 0
Still need some kind of whitelist web based interface, only way I can see doing that is creating something in PHP and my PHP isn't great at the moment, in fact my ASP and VB is better than my PHP which gives you an idea of how bad my PHP is...

Reason why I need a web based interface is simple, people can then add people's email addresses to the whitelist just for their email address or to a universal list. (I'd probably only want certain people to have access to the universal list)

Also, another thing I wouldn't mind having the capability is to say convert all incoming HTML emails (maybe even Rich Text too) into normal plain text (but still keeping any uuencoded/MIME attachments), that way it would also strip out any malicious code too, the email gateway could keep the original HTML/Rich Text email and if the user for some reason needs the formatting of said HTML/Rich Text email they can login via the web interface and ok it to send the HTML version to the main email server.

Thanks

Mark
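
The HTML-to-plain-text conversion described in this post, as an added Python example that is not part of the original thread. It assumes attachments are leaf MIME parts (nested `message/rfc822` attachments are not handled), and the names `TextOnly`, `flatten` and `build_html_sample` and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser


class TextOnly(HTMLParser):
    """Keep visible text; drop tags, attributes and script/style bodies."""
    def __init__(self, html):
        super().__init__(convert_charrefs=True)
        self.out, self.hidden = [], False
        self.feed(html)
        self.close()
    def handle_starttag(self, tag, attrs):
        self.hidden = tag in ("script", "style")   # their content is not text
        if tag in ("br", "p", "div", "li"):
            self.out.append("\n")
    def handle_endtag(self, tag):
        self.hidden = False
    def handle_data(self, data):
        if not self.hidden:
            self.out.append(data)


def flatten(raw):
    """Return (plain-text message bytes, original bytes kept for later release)."""
    src = message_from_bytes(raw, policy=policy.default)
    body = src.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    if body is not None and body.get_content_type() == "text/html":
        text = "".join(TextOnly(text).out).strip()
    out = EmailMessage()
    for name in ("From", "To", "Subject", "Date", "Message-ID"):
        if name in src:
            out[name] = str(src[name])
    out.set_content(text)
    for att in src.iter_attachments():   # attachments are carried over unchanged
        maintype, subtype = att.get_content_type().split("/")
        out.add_attachment(att.get_payload(decode=True) or b"", maintype=maintype,
                           subtype=subtype, filename=att.get_filename())
    return out.as_bytes(), raw


def build_html_sample():
    """Constructed sample: HTML body with a script plus one binary attachment."""
    m = EmailMessage()
    m["From"], m["Subject"] = "a@x.example", "Report"
    m.set_content("<p>Hi <b>Bob</b></p><script>t()</script>", subtype="html")
    m.add_attachment(b"\x00\x01data", maintype="application",
                     subtype="octet-stream", filename="report.bin")
    return m.as_bytes()
```

The second return value is the untouched original, which is what the gateway would store so a user can later approve delivery of the HTML version.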
 
All times are GMT -5. The time now is 05:07 AM.